Get started today. Now with 10-16% off!

WordPress Plugins

1,000,000 WordPress Web Sites Affected by an Unauthenticated SQL Injection Vulnerability in LayerSlider Plugin 7.9.11 – 7.10.0

The LayerSlider plugin for WordPress (versions between 7.9.11 and 7.10.0) is vulnerable to an Unauthenticated SQL Injection. It is mandatory to immediately update to the latest patched version of the plugin that solves the problem. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service. LayerSlider Plugin 7.9.11 – 7.10.0 - Unauthenticated SQL Injection Plugin slug: LayerSlider Update to version: 7.10.1 The breach can be done trough the ls_get_popup_markup action due to insufficient escaping on the user supplied parameter...

read more

Dangerous Bug in WP-Members Membership Plugin – Unauthenticated Stored Cross-Site Scripting Vulnerability <= 3.4.9.2

In the plugin installed on over 60,000 web sites (WP-Members Membership - a membership plugin with content restriction and custom registration) an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability has been reported recently. It is recommended that you update your sites immediately. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service. WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting vulnerability Plugin slug: wp-members Update to version: 3.4.9.3 The vulnerability...

read more

Missing Authorization Vulnerability in Blog2Social Plugin <= 6.9.11

A new vulnerability (Missing Authorization) has been discovered in Blog2Social WordPress Plugin which is installed on over 70,000 sites. It is recommended that you update your sites immediately. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service. Blog2Social Plugin <= 6.9.11 - Missing Authorization vulnerability Plugin slug: blog2social Update to version: 6.9.12 The bug makes it possible for authenticated attackers that have minimal permissions, for example subscribers, to change the plugin’s settings.

read more

Zero-Day Vulnerability in WPGateway <= 3.5

The WPGateway plugin is a premium plugin tied to the WPGateway cloud service, which offers its users a way to setup and manage WordPress sites from a single dashboard. Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator. More details are coming. We have a solution for this vulnerability and you can order our PRO Maintenance Plan to secure your website!

read more

Critical Vulnerability Patched in Ninja Forms WordPress Plugin <= 3.6.10

Recently information about two code injection vulnerabilities surfaced the web that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserializes user-supplied content, resulting in Object Injection. This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present. It is recommended that you update your sites immediately. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance...

read more

Cross-Site Scripting Vulnerability in Download Manager Plugin <= 3.2.42

Download Manager is a file and document management plugin to help manage and control file downloads with various file download controls to restrict unauthorized file access. The plugin also provides a complete solution to sell digital products from WordPress sites, including checkout functionality to complete an order. One feature of the plugin is the ability to use a shortcode to embed files and other assets in a page or post. This function was found to be vulnerable to reflected Cross-Site Scripting. Without proper sanitization and escaping in place on user-supplied inputs, JavaScript can...

read more

Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin <= 13.1.5

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending them to an existing SQL query and affected versions are <= 13.1.4. This could be used to extract sensitive information like password hashes and secret keys from the database. Later on a new vulnerability has been discovered by Muhammad Zeeshan for versions <= 13.1.5 (including the patched...

read more

Standard Plan

$6999USD/m NOW $58/m89/m
billed yearly or $99 $89 month-by-monthmonthly and $149 set-up fee

WordPress Maintenance and Security Updates

We will update your WordPress core, plugins and themes constantly plus you will get 20 more security features.

Save $360/yearly (30%)
and avoid $149 set-up fee!

Save additional 1610% NOW!

Pay $699 yearly ($58/month)Pay $238 now, $89 monthly afterwards

Available for websites with themes and plugins from WordPress.org repository only.

Sign up for the security newsletter